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Subject 
- desire to perform - 
Safety Risk Analysis 



I 



Assemble a Review Team 



Identify inherent Hazards 
of the Subject 



DOCUMENT and Catalog for 
future reference / search 



Preliminary 
Hazard 
Assessment 
[PHA] 



28 



Are there identified 
Unsafe Conditions that 

may result from an 
^uncontrolled inherent 
Hazard (s) 
? 



YES 



NO 



DOCUMENT and 
Catalog for future 
reference / search 



^N^ 



Based on the inherent Hazards and the 
Known Operation of the Product / System 

Analyze Design Deviations or 
Modes of Operation that may cause Hazards 
creating or contributing to an Unsafe Condition 

Identify Existing Controls that mitigate the Risk of the Unsafe 
Condition and Verifications of those Controls 

Determine 

1) the potential Severity of the Unsafe Condition 
2) the Likelihood of this Specific Hazard Occurring 
Risk = Severity x Likelihood 



Identify Actions 
that can be taken 
to mitigate the current 
Risk Level 



YES 



Are there 
"Readily Apparent" 
"specific actions that can^ 
deduce the Risk of this^ 
s^pecific Hazard^ 
? 

NO 



DOCUMENT and Catalog for 
future reference / search 



Figure 3 



Hazardous 
Operations 
Review 
[HAZ_Op] 
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DOCUMENT and 
Catalog for future 
reference / search 



Define in Detail how the Unsafe Condition is a 
Contributory Step (or Hazard) in one or more Scenarios 
that lead to an Accident 



Arrange the Single Step Contributory Hazards 
from this Product / System with Contributory Hazards from 
other Products / Systems or Outside World Influences 
to Complete the Accident Scenario Demonstrating a 
Credible path through Contributory Hazards to the 
Unsafe Condition to Harm 



± 



Incorporate previously identified 
Risk Mitigating Controls and the 
Verifications of those Controls. 

Analyze the Residual Risk of the Accident 
Scenario resulting in Harm by first 
analyzing the Individual Risk of each 
Contributory step (Hazard) allowing the 
Scenario to Propagate 



Identify Actions 
that may be taken 
to Further mitigate the current 
Residual Risk Level 



Figure 4 




Accident 
Scenario 
Review 
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© 



DOCUMENT and Catalog for 
future reference / search 



Track All Actions to 
Completion 

Re-visit and Re- 
Evaluate as 
necessary 



DOCUMENT and Catalog for 
future reference / search 



^N^ 



Figure 5 
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' r Preliminary Hazard ^ 
Assessment 
Safety Risk Analysis 



28 



NO 



Determine a Rational 
Break-Down 
Structure of the 
whole into parts 
and Identify the Order 
in which to begin 
analyzing each 
identified part 



Determine if the 
Subject should be 
analyzed as a single 
entity 



YES 



Subject Owners / Experts 

Provide an Overview of: 
1 ) Product / System Purpose 
2) Intended Operation 
3) Operating Constituents (e.g. materials, fluids, etc) 
4) Operating Parameters (e.g. Flow rates, Temperatures, etc) 
5) Overall Geometry or Design 



Identify Hazards Inherently 
associated with any 
of the features from the step above 
[e.g. Steam - Hot / Burn 
Cutting Blades - Sharp / Cut] 



Identify the Relevant 
Portion in the Life Cycle of the 
Subject when the 
Inherent Hazard is active 



Identify and List 
the Readily Apparent . 
Features that Control or Mitigate 
the risk of the Inherent Hazard causing an 
Unsafe Condition 



Figure 6 
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Summarize the 
SAFETY CTQ's of the 
Subject 

(the Critical to Quality or primary drivers to 
assure safety) 



Determine and List 
other Components / Systems 
that interact with the Subject 



Determine and List 
all current documentation 
used to define and / or control the subject, its 
use, maintenance or installation 



Determine and List 
readily apparent 
parameters / indicators / geometries, etc 
that may be used in a Safety Audit of the 
Subject 



Are there identified 
Unsafe Conditions that 
may result from an 
uncontrolled 
Inherent Hazard 

9 



YES 



NO 



DOCUMENT and 
Catalog for future 
reference / search 



^N^ 



Proceed to 
Hazardous Operations Review 
(Figure 7) 



Figure 7 
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From Preliminary 
Hazard Assessment 
(Figure 6) 



Using the Information 
Captured by the Preliminary Hazard Assessment, 

Identify 
Design Deviations 
Modes of Operation 
Personnel Interaction 
that may create a Hazard 
That would cause or contribute to an Unsafe Condition 

Focus on Single Point failures 




Crate a Guide-Word Matrix of 
1) Subject features / operating modes / parameters 
2) Deviations, anomalies, off-design operation 



Review Team Checks / Edits the Guide-Word Matrix 



Review Team Creates 
Haz_Op Table to address 
Each defined Parameter and its associated Deviation 
from the Guide-Word Matrix - the Table captures 
1 ) the Cause of Parameter / Deviation 
2) the Consequential Hazard or the Parameter / Deviation 

3) the Controls that mitigate the Hazard 
4) the Verifications that assure the Controls are working 



5 



Figure 8 
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Review Team 
Considers the Severity Level of the 
Hazard and record that level 
in the appropriate Column 



Review Team 
Considers the Likelihood of the Hazard occurring 
with the Current level of Control and Verification 
Record Likelihood in the appropriate column 




YES 



DOCUMENT and Catalog for 
future reference / search 



NO 




Figure 9 
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From Hazardous 
Operations Review 
(Figure 9) 



32 



For Unsafe Conditions with a potential 
Severity Level greater than a pre-defined 
Critical Level 

Define in Detail how the 
Unsafe Condition is brought about 



First Identify Initiating Hazards - e.g. 
Design, Manufacturing, Installation, Operation and Maintenance 

Create a logical path from Initiating Hazards through 
Contributory Steps (or Hazards) from one 
or more Haz_JDp Tables and known outside world influences 

These Steps (or Hazards) should create a serial or parallel path(s) 
that are considered credible by the Review Team 

The final steps must include the presence (or non-presence) of 
personnel interaction with the Unsafe Condition 
and Identify the type(s) of Harm that may occur 



The Review Team 
Considers and Determines (or verifies) the Severity 
Level for each identified type of Harm 




Figure 11 
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Incorporate previously identified 
Risk Mitigating Controls and the 
Verifications of those Controls 



Identify 
Actions 
that may be taken 
to Further 
Reduce 
the current 
Likelihood Level 
of this Step 



Step-Wise 
The Review Team Considers 

each consecutive Hazard 
in the path and to what degree 
the Identified Hazard Controls and the 
Verifications of those Controls 
would successfully stop the 
Accident Scenario from proceeding 



YES 



The Review Team 
Assigns a 

Likelihood Level that 
this step (or Hazard) will 
continue to the next 




Are there 
Readily Apparent 
specific actions 
that can Reduce 
the Risk of the 
Unsafe Condition 
or the Identified 
Harm? 



YES 



NO 



Is the Likelihood 
too high that the 
Accident Scenario 
will Proceed 
? 

NO 



Have all steps (or 
Hazards) been 
considered and 

Likelihood 
Determined for all 
^Credible Paths , 
? 



Proceed to the 
Next Step (or 
Hazard) in the 
Scenario 




NO 



Figure 12 
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DOCUMENT and 
Catalog for future 
reference / search 




END 




Review Team to Determine the Residual 
Risk of the Accident Scenario proceeding 
through the Unsafe Condition to 
the End Harm by analyzing the Likelihood 
paths and the previously determined 
Severity Level 



YES 




Review and Determine means to: 

1) Incorporate further Controls or 
Verifications to reduce the Likelihood 
of Proceeding at key steps 

2) Change the Overall Scenario such 
that the Severity of the Harm is 
Reduced 



0 



Figure 13 
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1 



Assign actions to responsible parties to 

1) enact further Controls or 

2) create New Controls or 

3) fundamentally change the system 

to reduce the Likelihood of occurrence 
or the overall Severity of the Harm 



Track All Actions 
to 

Completion 

Re-Evaluate as 
necessary 





f 


DOCUMENT and Catalog for 
future reference / search 







Repeat Hazardous 
-M Operations Review 
as necessary 
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^END^ 



Figure 14 
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r Subject ^ 






-desire to perform- 






^Safety Risk Analysis^ 








Identify Inherent Hazards 


of the Subject ; 



DOCUMENT and 
Catalog for future 
reference / search 



NO 



^N^ 



Are there 
Unsafe Conditions that 
jnay result from an Uncontrolled 
Jnherent Hazard(s) 
? 



YES 



XL 



28 



Preliminary 
Hazard 
Assessment 
[PHA] 



42 — i 



Identify Single Point Failures 
(or even normal operation) 
that lead to Unsafe Conditions based 
on the Identified inherent Hazards 



Consider the effect 
of these changes 

on the whole 
Product / System 



Identify Controls and Verifications 
to prevent the Single Point Failures 
or mitigate the Unsafe Condition 



■44 



52 



Would the 
Identified Unsafe condition(s) 
Result in Harm of 
High Severity 

? 

*YES t 48 



NO _J 



Identify Actions 
that may be taken 
to Further Reduce the 
Risk Level 



Identify Multipoint Failures 
that lead to 
High Severity Unsafe Conditions 

i 



Identify Controls and Verifications 
to prevent the multi-point failures 
or mitigate the Unsafe Condition 



NO 




40 



Hazardous 
Operations 
Review 
[Haz_Op] 



46 



Accident 
Scenario 
Review 



DOCUMENT and Catalog for 
future reference / search 



Figure 15 
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^ Input ^ 




Evaluate 
Mitigating 
Factors 



Search Database 
of Prior Safety Reviews 
for Similar Products 








68 


Conduct Safety 
Review 




^—64 



NO 




Document Review 
Process and Store 
in Database 



Figure 16 



17/18 




50 



4 



Record, Categorize and retain the 
information of the event for possible 
future use as occurrence data. 




Pull existing Haz_Ops and ASRs j 
of the system(s) to determine if / 
the incident was previously / 
Predicted during the New 
Product Introduction Review 
phase. 



A- 



58 



Construct Accident Scenario Model to capture the identified 

Cause/Effect steps that lead to the incident - use the 
previously documented information as much as possible to 
aid in the construction of the model 



Accident 
Scenario 
Review 18 



^Analysis to determine the Root 
Cause(s) of the Incident 




62 



Figure 17 



18/18 



1 



Identify Corrective Actions (changes) that 
can be made to the product or 
surrounding system / environment to 
minimize the chance of the incident 
recurring or to mitigate the severity of the 
incident. 

Use the Accident Scenario Review tool to 
focus on the most crucial step(s) 
(intersections of the process map) to 
most effectively enact the improvement. 



Incorporate the corrective 
actions into the model of 
the Accident Scenario. 



Determine 
Corrective 
Action 52 



NO 



Is the Newly Defined 
l\sk Acceptable, 



YES 



Enact the corrective actions in the product 
line 

Verify the effectiveness of the corrective 
actions at minimizing recurrence of the 
Jncident or mitigating the severity of the 
incident. 




Make new amendment records to Amend the previously 
recorded (Proctive) New Product Introduction ASRs 

update the individual failure steps from the ASR(s) into 
their respective sub-system or component Haz_Ops 

Used for future New Product Reviews to include the 
lessons learned from the current investigation 




Amended template Haz_Ops and 
ASRs for the prodcut line now will 
ensure all future product line 
changes, or new roll-outs will 
incoporate the lessons learned from 
the field event 




Figure 18 



